basic disc wiping question

Posted: Fri Jan 23, 2009 6:19 am
by npish
So I got a replacement hard drive and decided to wipe my old one before sending it back-- I got DBAN, and am pretty fascinated by how it works, and I'm curious: why isn't it sufficient-- let's say for kicks I had secrets involving national security on my drive (which I do not, of course)-- to simply use the "quick erase" function and write zeros across the drive? Does there still potentially remain some "latent image" of the data, which could in theory be recovered, that is effectively "scrambled" by, say, the algorithm behind the DOD method?

just curious...

Re: basic disc wiping question

Posted: Fri Jan 23, 2009 6:32 am
by Harryc
I believe the DOD standard calls for 3 passes. More at the link below....
http://www.killdisk.com/

Re: basic disc wiping question

Posted: Fri Jan 23, 2009 6:43 am
by carbon_unit
One pass is probably sufficient according to this article.

Re: basic disc wiping question

Posted: Fri Jan 23, 2009 7:00 am
by npish
Thanks for the responses, and I will check out those links... I believe with DBAN the DoD standard is 3 passes, but you also have the option to do 7; but my question still remains: this method, along with some others, uses an algorithm to write random characters across the drive-- why is this more secure than simply writing zeros across the drive? It implies that with the latter method data could still potentially be recovered....

Re: basic disc wiping question

Posted: Fri Jan 23, 2009 7:20 am
by Marin85
Put simply, if you overwrite a pattern (which your data are) with another pattern (and the zeros are a very strong one), the result is again a pattern and hence "decodable". However, if the overwriting process is randomised (i.e. randomly writing 0 and 1), then it is very hard to recognize any "pattern" of what is left and thus the chance for someone to restore your erased data is reduced. Basically, it's all relative :) and I'm even telling you why :) How well your data is erased, with respect to the extent that someone well-equipped would be able to recover them, is at the lowest level (that's what is left after 7 passes...) more or less a matter of probability or good chance :), it also depends very much on what software/hardware is used (on both sides). Look at that from the following side: if 3 passes were really enough, nobody would have thought of 7... There will always be something left from your data, actually it could hardly be called data as it is just some physical state at that level (physical artifacts), so the point is to make it as meaningless as possible as information, i.e. to destroy such part of it that it becomes meaningless even though most of it will probably be present physically. The basic problems of recovering erased data using special methods are:
1. You would have to know what you are looking for and how it would probably look on the physical level (assuming you are aware that some special software has been used to erase the data);
2. You would have to know exactly the type of method used to erase the data;
3. You would have to find out where there are "missing connections" and if possible restore them (actually in most cases this is not possible, but it is possible to simulate a similar situation);
4. You would have to use further advanced probabilistic methods to approximate physical states (as already pointed out, at the physical level things tend to have somewhat erratic behavior);
5. etc, etc

To sum up, you will have to decode something that is not even information because the pieces that make it such are missing. If you manage to convert it to information, you'll have to deal with a very incomplete piece of information because some pieces of that information will also be missing, not to mention that you will have to go through all this in at least twice as many passes as it was erased with... However, you will have some probabilistic chance to succeed since most of the data are present in fact, which in other words means it is only a matter of time to complete the process :) What we want to achieve is to make such an attempt pointless by extending its time framework of completion beyond a certain extent :twisted: Basically the same as what we do with general encryption.

Cheers

Marin
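
The difference between the "quick erase" pass of zeros and a multi-pass wipe ending in random data, discussed in the posts above, shown as an added example that is not part of the thread and is not DBAN's code. The three-pass pattern (a byte, its complement, then random) and the function names are assumptions made for illustration; the demo runs against a constructed temporary file standing in for a drive image.

```python
import os

CHUNK = 1 << 20                      # 1 MiB per write
QUICK_ERASE = [0x00]                 # single pass of zeros
THREE_PASS = [0x00, 0xFF, None]      # assumed pattern: byte, complement, random


def overwrite_pass(path, fill):
    """Overwrite every byte of path in place; fill=None writes random bytes."""
    with open(path, "r+b") as f:
        remaining = f.seek(0, os.SEEK_END)   # also works for block devices
        f.seek(0)
        while remaining:
            n = min(CHUNK, remaining)
            f.write(os.urandom(n) if fill is None else bytes([fill]) * n)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())         # force the pass out of the page cache


def verify_fill(path, fill):
    """Return the offset of the first byte that differs from fill, or -1."""
    offset = 0
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if chunk.count(fill) != len(chunk):
                return offset + next(i for i, b in enumerate(chunk) if b != fill)
            offset += len(chunk)
    return -1


def wipe(path, passes):
    """Run each pass in order; read back and check every fixed-pattern pass."""
    for fill in passes:
        overwrite_pass(path, fill)
        if fill is not None:
            bad = verify_fill(path, fill)
            if bad != -1:
                raise OSError(f"pass 0x{fill:02x} not verified at offset {bad}")


if __name__ == "__main__":
    import tempfile
    fd, image = tempfile.mkstemp()   # constructed stand-in for a drive image
    os.write(fd, b"constructed sample data " * 4096)
    os.close(fd)
    wipe(image, QUICK_ERASE)
    print("zeros verified:", verify_fill(image, 0x00) == -1)
    os.remove(image)
```

The read-back check only confirms what the drive returns through its normal interface; it says nothing about remapped sectors, and on SSDs or copy-on-write filesystems an in-place overwrite does not necessarily reach the old physical blocks.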

Re: basic disc wiping question

Posted: Mon Feb 02, 2009 3:57 am
by AGoodSolution
Everyone here has answered your question correctly, most at least.

DoD requirements are actually seven passes, but in most cases a single pass is sufficient to defeat most commercial data retrievers.

The NSA and FBI are always "famed" for being able to recover badly damaged and even scorched platters and that is just baloney.

Instead of dropping another of my famous long-winded answers, it can be summarized like this.

A wiped drive of just one pass is often enough to make any data that could even be retrieved inadmissible inside a US courtroom, because even salvaged jpgs of illegal images wouldn't meet numerous burdens of acceptable evidence which could be used to incarcerate someone.

But, those fragments, even if usable could be sufficient enough to deploy a mission to eliminate bad people who live in Afghanistan.

Your last question about could the data really be worth something to a foreign agency, it really depends on the stakes since you have to ask yourself is the target or random and damaged fragments of data really worth risking deploying a special forces team? Those foreign governments typically approach their decision process the same way.

The more wipes the better, if you ever listened to old magnetic audio tape that was common in the 1980's, and then ever taped over it without actually erasing and kept taping over it, you noticed you could hear whispers of the older songs during the silent portions of the newer songs and that is the magnetic remnants which is a phenomenon in hard drives that can be compared to the fanned pages of a book binding where the edge of every page sticks out a little further than the page on top of it.

The most advanced data techniques can retrieve those fanned page edges but it isn't very usable and the forensic team has to use the remnants they recover to speculate what kinds of file types they're even working with and then try to fill in the blanks.

Something that unreliable has never withstood judicial review in this country and likely wouldn't be enough to convince anyone to authorize a worthy operation.